Using Flex-Algo for Segment Routing (SR) based Virtual Transport Network (VTN)

Enhanced VPN (VPN+) is an enhancement to VPN services to support the needs of new applications, particularly including the applications that are associated with 5G services. These applications require enhanced isolation and have more stringent performance requirements than that could be provided with conventional overlay VPN techniques. Thus these properties require integration between the underlay and the overlay networks. specifies the framework of enhanced VPN and describes the candidate component technologies in different network planes and network layers to realize VPN+. VPN+ may be used to deliver IETF network slice services, and will also be of use in other generic scenarios. To meet the requirement of VPN+ services, a number of virtual transport networks (VTN) can be created, each is associated with a network topology, and is allocated with a set of dedicated or shared resources from the underlay physical network, so as to meet the requirements of one or a group of VPN+ services. Another possible approach is to create a set of point-to-point paths, each with a set of network resource reserved along the path, such paths are called Virtual Transport Paths (VTPs). Although using a set of dedicated VTPs can provide similar characteristics as VTN, it has some scalability issues due to the per-path state in the network. introduces resource awareness to Segment Routing (SR) . As described in , the resource-aware segment identifiers (SIDs) can be used to build VTNs with the required network topology and network resource attributes to support VPN+ services. With a segment routing based data plane, SIDs can be used to represent both the topology and the set of network resources allocated by network nodes to a VTN. For VTN-specific path compuation and instantiation, the SIDs of each VTN together with its associated topology and resource attributes need to be distributed in control plane. defines the IGP mechanisms and extensions to provide scalable SR based VTNs. The mechanism in allows flexible combination of the topology and resource attributes to provide a relatively large number of VTNs with relatively small number of topologies. In some network scenarios, the number of required VTNs may be small, thus a simplified solution to provide a small number of VTNs may also be desired. This document describes a mechanism to build the SR based VTNs using SR Flex-Algo and IGP L2 bundle with minor extensions. With this mechanism, each VTN is associated with a unique Flex-Algo, and the set of network resources allocated to different VTNs are instantiated using layer-2 sub-interfaces or layer-2 member links of the L3 interfaces. It can provide a relatively small number of VTNs, and can be considered as a transitional solution for the VTN deployment. This document updates by defining a new flag in the Parent L3 Neighbor Descriptor in the L2 Bundle Member Attributes TLV. states that all bit fields not defined in that document "MUST be set to zero on transmission and ignored on receipt". Section 3 of this document defines a new flag and specifies when it should be set and how it should be processed.

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 when, and only when, they appear in all capitals, as shown here.

specifies the mechanism to provide distributed constraint-path computation, and the usage of SR-MPLS prefix-SIDs and SRv6 locators for steering traffic along the constrained paths. The Flex-Algo Definition (FAD) is the combination of calculation-type, metric-type and the topological constraints used for path computation. According to the network nodes' participation of a Flex-Algo, and the rules of including or excluding Admin Groups (i.e. colors) and Shared Risk Link Groups (SRLGs), the topology of a VTN can be described using the associated Flex-Algo. If each VTN is associated with a unique Flex-Algo, the Flex-Algo identifier could be reused as the identifier of the VTN in the control plane. With the mechanisms defined in , SR-MPLS prefix-SID advertisement can be associated with a specific topology and a specific algorithm, which can be a Flex-Algo. This allows the nodes to use the prefix-SIDs to steer traffic along distributed computed constraint paths according to the associated Flex-Algo in a particular topology. specifies the IS-IS extensions to support SRv6 data plane, in which the SRv6 locators advertisement is associated with a topology and a specific algorithm, which can be a Flex-Algo. This allows the nodes to use the SRv6 locators to steer traffic along distributed computed constraint paths according to the associated Flex-Algo in a particular topology. In addition, topology/algorithm specific SRv6 End SIDs and End.X SIDs can be used to enforce traffic over the Loop-Free Alternatives (LFA) computed backup paths.

Each VTN can be allocated with a set of dedicated or shared network resources on different network nodes and links. In order for a network controller or the ingress nodes to perform constraint based path computation for each VTN, the resource attributes of each VTN need to be advertised. This way, the network controller or the ingress node can compute an SR-TE path in a VTN by taking both the Flex-Algo constraints and the resource attributes of the VTN into consideration. IS-IS L2 Bundle was defined to advertise the link attributes of the layer-2 bundle member links. In this section, it is extended to advertise the set of network resource attributes associated with different VTNs on a layer-3 link. The layer-3 link must have the capability of partitioning the link resources into different subsets and allocate them to different VTNs it participates in. Each partition of the link resources can be instantiated as a layer-2 sub-interface, which can be seen as a virtual layer-2 member link of the layer-3 link. If the layer-3 link itself is a layer-2 link bundle, the set of link resources allocated to a specific VTN may be provided by one or multiple physical layer-2 member links. A new flag "E" (Exclusive) is defined in the flag field of the Parent L3 Neighbor Descriptor in the L2 Bundle Member Attributes TLV (25).

E flag: When the E flag is set, it indicates each member link under the Parent L3 link is used exclusively for one VTN, and load sharing among the member links in different VTNs is not allowed. When the E flag is clear, it indicates load balancing and sharing among the member links are allowed. Note that legacy implementations of will set the E flag to zero (clear) meaning that load balancing among component links is the default behavior. Further, when a legacy implementation receives an E flag that is set, it will ignore the flag and so will assume that load balancing among component links is allowed even when the sender has requested it to not be used. The Flex-Algo associated with the VTN can be defined that only nodes which support the E flag and the mechanisms defined in this document are included in the constraint-based path computation and packet forwarding of the VTN. For each virtual or physical layer-2 member link, the Admin Groups (AG) or Extended Admin Group (EAG) attribute MUST be advertised using the mechanisms as defined in . This is for the correlation between the Flex-Algo specific forwarding entries and the layer-2 member links of the VTN. Other TE attributes as defined in such as the Maximum Link Bandwidth attribute MAY also be advertised for the constraint-based path computation performed by the controller or the ingress nodes. The SR-MPLS Adj-SIDs or SRv6 End.X SIDs associated with each of the virtual or physical layer-2 member links SHOULD be advertised according to and . In order to correlate the virtual or physical layer-2 member links with the Flex-Algo ID which is used to identify the VTN, each VTN is assigned with a unique Admin Group (AG) or Extended Admin Group (EAG), and the virtual or physical layer-2 member links associated with this VTN are configured with the AG or EAG assigned to the VTN. The AG or EAG of the parent layer-3 link SHOULD be set to the union of all the AGs or EAGs of its virtual or physical layer-2 member links. In the definition of the Flex-Algo corresponding to the VTN, it MUST use the Include-Any Admin Group rule with only the AG or EAG assigned to the VTN as the link constraints, the Include-All Admin Goup rule or the Exclude Admin Group rule MUST NOT be used for a Flex-Algo associated with VTN. This is to ensure that the layer-3 link is included in the Flex-Algo constraint based path computation for each VTN it participates in.

For the SR-MPLS data plane, a prefix SID is associated with the paths calculated using the Flex-Algo corresponding to a VTN. An outgoing layer-3 interface is determined for each path. In addition, the prefix-SID also steers the traffic to use the virtual or physical layer-2 member link which is associated with the VTN on the outgoing layer-3 interface for packet forwarding. A forwarding entry MUST be installed in the forwarding plane using the MPLS label that corresponds to the Prefix-SID associated with the Flex-algorithm corresponding to the VTN. The Adj-SIDs associated with the virtual or physical member links of a VTN MAY be used together with the prefix-SIDs of the same VTN to build SR-MPLS TE paths under the topological and resource constraints of the VTN. For the SRv6 data plane, an SRv6 Locator is a prefix which is associated with the paths calculated using the Flex-Algo corresponding to a VTN. An outgoing Layer-3 interface is determined for each path. In addition, the SRv6 Locator prefix also steers the traffic to use the virtual or physical layer-2 member link which is associated with the VTN on the outgoing layer-3 interface for packet forwarding. A forwarding entry for the SRv6 Locator prefix MUST be installed in the forwarding plane for the Flex-algorithm corresponding to the VTN.The End.XU SIDs associated with the virtual or physical member links of a VTN MAY be used together with other types of SRv6 SIDs of the same VTN to build SRv6 paths under the topological and resource constraints of the VTN.

The mechanism described in this document assumes that each VTN is associated with a unique Flex-Algo, so that the Flex-Algo IDs can be reused to identify the VTNs in the control plane. Although this has the benefit of simplified control plane, it also has some limitations. Firstly, it means that even if multiple VTNs share the same topological constraints, they still need to be identified using different Flex-Algo IDs in the control plane, then independent path computation needs to be executed for each VTN. Secondly, the number of VTNs supported in a network may be dependent on the number of Flex-Algos supported, which is related to the number of Flex-Algos supported both in the protocol specification (which is 128) and the control plane overhead on network nodes under a spedific network scale. Thus the mechanism described in this document is applicable to network scenarios where the number of required VTN is relatively small. A detailed analysis about the VTN scalability and the possible optimizations for supporting a large number of VTNs can be found in .

This document introduces no additional security vulnerabilities to IS-IS. The mechanism proposed in this document is subject to the same vulnerabilities as any other protocol that relies on IGPs.

This document does not request any IANA actions.

The authors would like to thank Zhenbin Li, Peter Psenak, Adrian Farrel and Gyan Mishra for the review and discussion of this document.